Hundreds of millions at risk from Chinese shopping app malware
The Chinese shopping app Pinduoduo, used by over 750 million people monthly, is accused of harboring malware that bypasses phone security to monitor user activity and is difficult to uninstall. Cybersecurity experts and former employees allege the app exploits Android vulnerabilities to spy on users and competitors, raising serious privacy concerns. The findings may impact its international sister app, Temu, which is rapidly growing in Western markets.
- ▪Pinduoduo is used by more than 750 million people each month and has been found to contain malware that can monitor other apps and read private messages.
- ▪Cybersecurity researchers and insiders say Pinduoduo exploited Android vulnerabilities to gain unauthorized access to user data and device functions.
- ▪Google removed Pinduoduo from the Play Store in March over malware concerns, and a Russian cybersecurity firm also reported finding potential malware in the app.
- ▪The app’s parent company, PDD, is listed on the Nasdaq and owns Temu, a fast-growing international shopping app not directly implicated in the allegations.
- ▪Pinduoduo has denied accusations of malicious behavior, and there is no evidence it has shared user data with the Chinese government.
- ▪US lawmakers remain concerned that Chinese companies could be compelled to cooperate with government data requests due to Beijing's legal authority over domestic firms.
Opening excerpt (first ~120 words) tap to expand
window.CNN.contentModel.leadingMediaType = 'video'; window.CNN.contentModel.isVideoCollection = false; Facebook Tweet Email Link Threads Link Copied! It is one of China’s most popular shopping apps, selling clothing, groceries and just about everything else under the sun to more than 750 million users a month. But according to cybersecurity researchers, it can also bypass users’ cell phone security to monitor activities on other apps, check notifications, read private messages and change settings. And once installed, it’s tough to remove. While many apps collect vast troves of user data, sometimes without explicit consent, experts say e-commerce giant Pinduoduo has taken violations of privacy and data security to the next level.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at CNN.
Discussion
0 commentsMore from CNN
